Outline for March 9, 1999

  1. Greetings and felicitations!
  2. Auditing
    1. Goals: reconstruction or deduction?
    2. Relationship to security policy
    3. Application logs
    4. System logs
  3. Example analysis technique
    1. GOAL methodology
    2. Do it on local file accesses
  4. Problems
    1. Log size
    2. Impact on system services
    3. Correlation of disparate logs
  5. Intrusion detection
    1. Anomaly detection
    2. Misuse detection
    3. Specification detection
  6. Anomaly detection
    1. Dorothy Denning's model and IDES
    2. Useful characteristics (examples)
    3. Cautions and problems
    4. Defeating it
  7. Misuse detection
    1. TIM (from DEC)
    2. Rule-based analysis and attack recognition
    3. Cautions and problems
    4. Defeating it
  8. Specification Detection
    1. Property-Based Testing (introduce specifications here)
    2. Example
    3. Cautions and problems
    4. Defeating it
  9. Toss in a network
    1. NSM
    2. DIDS
    3. GrIDS


You can get this document in ASCII text, Framemaker+SGML version 5.5, PDF (for Acrobat 3.0 or later), or Postscript.
Send email to cs253@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 3/25/99